CVE-2021-38149
index.php/admin/adduser in Chikitsa Patient Management System 2.0.0 allows XSS...
CVE-2020-21806
SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php...
CVE-2020-18157
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php...
CVE-2020-18158
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php...
SQL injection
SQL Injection vulnerability exists in Whatsns 4.0 via the ip parameter in index.php?adminbanned/add.htm...
SQL injection
SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php...
Cross-site scripting
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php...
HuCart Cross-Site Scripting Vulnerability
HuCart is a PHP/MySQL-based free open source enterprise website system. HuCart 5.7.4 has a cross-site scripting vulnerability, which can be exploited by attackers to conduct cross-site scripting attacks via the nickname in index.php...
CVE-2020-18158
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php...
CVE-2020-18158
Technical details about CVE-2020-18158 are not publicly provided in the supplied documents. No confirmed affected versions or fixes are listed here. Monitor for updates from vendors and security advisories.
CVE-2020-18157
MetInfo 6.1.3 is affected by a Cross-Site Request Forgery (CSRF) vulnerability via the doaddsave action in admin/index.php. Root cause: CSRF in that action allows state-changing requests without proper user authentication. CVE-2020-18157 has a CVSS‑v3.1 base score of 8.8 (HIGH) with vectors CVSS:...
CVE-2020-18157
Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php...
CVE-2020-21806
SQL Injection Vulnerability in ECTouch v2 via the shop page in index.php...
CVE-2020-21806
The collected documents confirm a concrete vulnerability: CVE-2020-21806 affects ECTouch v2, with a SQL Injection on the shop page (index.php). The root cause cited in CNNVD-202107-2173 and related entries is failure to filter special characters in input, enabling an attacker to execute arbitrary...
KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure
KevinLAB BEMS 1.0 Authenticated File Path Traversal Information Disclosure Vendor: KevinLAB Inc. Product web page: http://www.kevinlab.com Affected version: 4ST L-BEMS 1.0.0 Building Energy Management System Summary: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy...
MetInfo SQL Injection Vulnerability (CNVD-2021-51809)
MetInfo is a content management system (CMS) developed by China Mito Metinfo using PHP and MySQL. A SQL injection vulnerability exists in index.php in Metinfo 7.0.0beta, which arises from a database-based application that lacks validation of externally entered SQL statements. An attacker ca...
ECTouch SQL Injection Vulnerability
ECTouch is an open source mobile mall system for creating an enterprise-exclusive mobile mall. ECTouch v2 suffers from a SQL injection vulnerability via the integralmin parameter in index.php. An attacker...
Advantech R-SeeNet options.php local file inclusion (LFI) vulnerability
Summary: A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...
CVE-2020-18144
SQL Injection Vulnerability in ECTouch v2 via the integralmin parameter in index.php...
SQL injection
SQL Injection Vulnerability in ECTouch v2 via the integralmin parameter in index.php...